7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15777

GHSA ID

GHSA-vp55-fhxx-vcx8

EPSS Score

0.59224%

CWE

CWE-502

Published

5/24/2022

Updated

5/16/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-15777

CVE-2020-15777: Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are deserialized by a Java standard library ObjectInputStream. This ObjectInputStream was not restricted to a list of trusted classes, thus allowing an attacker to send a malicious deserialization gadget chain to achieve code execution. The socket was not bound exclusively to localhost. The port this socket is assigned to is randomly selected by the JVM and is not intentionally exposed to the public (either by design or documentation).

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15777

GHSA ID

GHSA-vp55-fhxx-vcx8

EPSS Score

0.59224%

CWE

CWE-502

Published

5/24/2022

Updated

5/16/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.gradle:gradle-enterprise-maven-extension	maven	< 1.6	1.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insecure deserialization via Java's ObjectInputStream without proper class restriction. The advisory explicitly states that 'ObjectInputStream was not restricted to a list of trusted classes', which directly implicates the readObject() method used in deserialization. While exact code locations aren't provided, the technical description confirms the pattern of unsafe deserialization from socket streams, making ObjectInputStream.readObject() the clear vulnerable function. The socket exposure expands the attack surface but doesn't change the root vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in t** M*v*n *xt*nsion plu*in ***or* *.* *or *r**l* *nt*rpris*. It is vuln*r**l* to, in t** worst **s*, R*mot* *o** *x**ution, *n* in t** **n*r*l **s*, lo**l privil*** *s**l*tion. Int*rn*lly, t** plu*in us*s * so*k*t *onn**tio

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* **s*ri*liz*tion vi* J*v*'s `O*j**tInputStr**m` wit*out prop*r *l*ss r*stri*tion. T** **visory *xpli*itly st*t*s t**t 'O*j**tInputStr**m w*s not r*stri*t** to * list o* trust** *l*ss*s', w*i** *ir**tly impli**t*s

7.8

Basic Information

Concerned about an active attack path?

CVE-2020-15777: Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI